// SPDX-License-Identifier: GPL-2.0+
/* NetworkManager Applet -- allow user control over networking
 *
 * Dan Williams <dcbw@redhat.com>
 *
 * Copyright 2004 - 2019 Red Hat, Inc.
 * (C) Copyright 2018 Lubomir Rintel
 */

#include "nm-default.h"

#include "applet-vpn-request.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <errno.h>

#include "nma-vpn-password-dialog.h"
#include "nm-utils/nm-compat.h"
#include "nm-utils/nm-shared-utils.h"

/*****************************************************************************/

typedef struct {
	char *name;
	char *label;
	char *value;
	gboolean is_secret;
	gboolean should_ask;
} EuiSecret;

typedef struct {
	char *uuid;
	char *id;
	char *service_type;

	guint watch_id;
	GPid pid;

	int child_stdout;
	GString *child_response;
	GIOChannel *channel;
	guint channel_eventid;
	GVariantBuilder secrets_builder;
	gboolean external_ui_mode;

	/* These are just for the external UI mode */
	EuiSecret *eui_secrets;
	GtkDialog *dialog;
} RequestData;

typedef struct {
	SecretsRequest req;
	RequestData *req_data;
} VpnSecretsInfo;

/*****************************************************************************/

static void complete_request (VpnSecretsInfo *info);

/*****************************************************************************/

size_t
applet_vpn_request_get_secrets_size (void)
{
	return sizeof (VpnSecretsInfo);
}

/*****************************************************************************/

static void
external_ui_add_secrets (VpnSecretsInfo *info)
{
	RequestData *req_data = info->req_data;
	EuiSecret *secret;
	guint i;

	for (i = 0; req_data->eui_secrets[i].name; i++) {
		secret = &req_data->eui_secrets[i];
		if (   secret->is_secret
		    && secret->value
		    && secret->value[0]) {
			g_variant_builder_add (&req_data->secrets_builder, "{ss}",
			                       secret->name,
			                       secret->value);
		}
	}
}

static void
external_ui_dialog_response (GtkDialog *dialog, int response_id, gpointer user_data)
{
	VpnSecretsInfo *info = user_data;
	RequestData *req_data = info->req_data;
	NMAVpnPasswordDialog *vpn_dialog = NMA_VPN_PASSWORD_DIALOG (dialog);
	EuiSecret *secret;
	const char *value;
	guint i_secret, i_pw;

	for (i_secret = 0, i_pw = 0; req_data->eui_secrets[i_secret].name; i_secret++) {
		secret = &req_data->eui_secrets[i_secret];
		if (   secret->is_secret
		    && secret->should_ask) {
			switch (i_pw) {
			case 0:
				value = nma_vpn_password_dialog_get_password (vpn_dialog);
				break;
			case 1:
				value = nma_vpn_password_dialog_get_password_secondary (vpn_dialog);
				break;
			case 2:
				value = nma_vpn_password_dialog_get_password_ternary (vpn_dialog);
				break;
			default:
				continue;
			}
			g_free (secret->value);
			secret->value = g_strdup (value);
			i_pw++;
		}
	}

	gtk_widget_destroy (GTK_WIDGET (dialog));
	g_clear_object (&req_data->dialog);
	external_ui_add_secrets (info);
	complete_request (info);
}

static gboolean
external_ui_from_child_response (VpnSecretsInfo *info, GError **error)
{
	RequestData *req_data = info->req_data;
	gs_unref_keyfile GKeyFile *keyfile = NULL;
	gs_strfreev char **groups = NULL;
	NMAVpnPasswordDialog *dialog = NULL;
	gs_free char *version = NULL;
	gs_free char *title = NULL;
	gs_free char *message = NULL;
	gsize num_groups;
	guint num_ask = 0;
	guint i_group, i_secret, i_pw;

	/* Parse response key file */
	keyfile = g_key_file_new ();

	if (!g_key_file_load_from_data (keyfile,
	                                req_data->child_response->str,
	                                req_data->child_response->len,
	                                G_KEY_FILE_NONE,
	                                error)) {
		return FALSE;
	}

	groups = g_key_file_get_groups (keyfile, &num_groups);
	if (g_strcmp0 (groups[0], "VPN Plugin UI") != 0) {
		g_set_error_literal (error,
		                     NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_FAILED,
		                     "Expected [VPN Plugin UI]");
		return FALSE;
	}

	version = g_key_file_get_string (keyfile, "VPN Plugin UI", "Version", error);
	if (!version)
		return FALSE;
	if (strcmp (version, "2") != 0) {
		g_set_error_literal (error,
		                     NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_FAILED,
		                     "Expected Version=2");
		return FALSE;
	}

	title = g_key_file_get_string (keyfile, "VPN Plugin UI", "Title", error);
	if (!title)
		return FALSE;

	message = g_key_file_get_string (keyfile, "VPN Plugin UI", "Description", error);
	if (!message)
		return FALSE;

	/* Create a secret instance for each group */
	req_data->eui_secrets = g_new0 (EuiSecret, num_groups);
	for (i_group = 1, i_secret = 0; i_group < num_groups; i_group++) {
		EuiSecret *secret = &req_data->eui_secrets[i_secret];
		const char *group = groups[i_group];
		char *label;

		label = g_key_file_get_string (keyfile, group, "Label", NULL);
		if (!label) {
			g_warning ("Skipping entry: no label\n");
			continue;
		}

		secret->name = g_strdup (group);
		secret->label = label;
		secret->value = g_key_file_get_string (keyfile, group, "Value", NULL);
		secret->is_secret = g_key_file_get_boolean (keyfile, group, "IsSecret", NULL);
		secret->should_ask = g_key_file_get_boolean (keyfile, group, "ShouldAsk", NULL);

		i_secret++;

		if (secret->is_secret && secret->should_ask)
			num_ask++;
	}

	/* If there are any secrets that must be asked to user,
	 * create a dialog and display it. */
	if (num_ask > 0) {
		dialog = (NMAVpnPasswordDialog *) nma_vpn_password_dialog_new (title, message, NULL);
		req_data->dialog = g_object_ref_sink (dialog);

		nma_vpn_password_dialog_set_show_password (dialog, FALSE);
		nma_vpn_password_dialog_set_show_password_secondary (dialog, FALSE);
		nma_vpn_password_dialog_set_show_password_ternary (dialog, FALSE);

		for (i_secret = 0, i_pw = 0; req_data->eui_secrets[i_secret].name; i_secret++) {
			EuiSecret *secret = &req_data->eui_secrets[i_secret];

			if (   secret->is_secret
			    && secret->should_ask) {
				switch (i_pw) {
				case 0:
					nma_vpn_password_dialog_set_show_password (dialog, TRUE);
					nma_vpn_password_dialog_set_password_label (dialog, secret->label);
					if (secret->value)
						nma_vpn_password_dialog_set_password (dialog, secret->value);
					break;
				case 1:
					nma_vpn_password_dialog_set_show_password_secondary (dialog, TRUE);
					nma_vpn_password_dialog_set_password_secondary_label (dialog, secret->label);
					if (secret->value)
						nma_vpn_password_dialog_set_password_secondary (dialog, secret->value);
					break;
				case 2:
					nma_vpn_password_dialog_set_show_password_ternary (dialog, TRUE);
					nma_vpn_password_dialog_set_password_ternary_label (dialog, secret->label);
					if (secret->value)
						nma_vpn_password_dialog_set_password_ternary (dialog, secret->value);
					break;
				default:
					g_warning ("Skipping entry: more than 3 passwords not supported\n");
					continue;
				}
				i_pw++;
			}
		}
		g_signal_connect (dialog,
		                  "response",
		                  G_CALLBACK (external_ui_dialog_response),
		                  info);
		gtk_widget_show (GTK_WIDGET (dialog));
		return TRUE;
	}

	/* Nothing to ask, return known secrets */
	external_ui_add_secrets (info);
	complete_request (info);
	return TRUE;
}

/*****************************************************************************/

static void
complete_request (VpnSecretsInfo *info)
{
	SecretsRequest *req = (SecretsRequest *) info;
	RequestData *req_data = info->req_data;
	GVariantBuilder settings_builder, vpn_builder;
	gs_unref_variant GVariant *settings = NULL;

	g_variant_builder_init (&settings_builder, NM_VARIANT_TYPE_CONNECTION);
	g_variant_builder_init (&vpn_builder, NM_VARIANT_TYPE_SETTING);

	g_variant_builder_add (&vpn_builder, "{sv}",
	                       NM_SETTING_VPN_SECRETS,
	                       g_variant_builder_end (&req_data->secrets_builder));
	g_variant_builder_add (&settings_builder, "{sa{sv}}",
	                       NM_SETTING_VPN_SETTING_NAME,
	                       &vpn_builder);
	settings = g_variant_ref_sink (g_variant_builder_end (&settings_builder));

	applet_secrets_request_complete (req, settings, NULL);
	applet_secrets_request_free (req);
}

static void
process_child_response (VpnSecretsInfo *info)
{
	SecretsRequest *req = (SecretsRequest *) info;
	RequestData *req_data = info->req_data;
	gs_free_error GError *error = NULL;

	if (req_data->external_ui_mode) {
		if (!external_ui_from_child_response (info, &error)) {
			applet_secrets_request_complete (req, NULL, error);
			applet_secrets_request_free (req);
		}
	} else {
		char **lines = g_strsplit (req_data->child_response->str, "\n", -1);
		int i;

		for (i = 0; lines[i] && *(lines[i]); i += 2) {
			if (lines[i + 1] == NULL)
				break;
			g_variant_builder_add (&req_data->secrets_builder, "{ss}", lines[i], lines[i + 1]);
		}

		g_strfreev (lines);
		complete_request (info);
	}
}

static void
child_finished_cb (GPid pid, int status, gpointer user_data)
{
	VpnSecretsInfo *info = user_data;
	SecretsRequest *req = (SecretsRequest *) info;
	RequestData *req_data = info->req_data;
	gs_free_error GError *error = NULL;

	req_data->pid = 0;
	req_data->watch_id = 0;

	if (status) {
		error = g_error_new (NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_USER_CANCELED,
		                     "%s.%d (%s): canceled", __FILE__, __LINE__, __func__);

		applet_secrets_request_complete (req, NULL, error);
		applet_secrets_request_free (req);
	} else if (req_data->channel_eventid == 0) {
		/* We now have both the child response and its exit status. Process it. */
		process_child_response (info);
	}
}

static gboolean
child_stdout_data_cb (GIOChannel *source, GIOCondition condition, gpointer user_data)
{
	SecretsRequest *req = user_data;
	VpnSecretsInfo *info = (VpnSecretsInfo *) req;
	RequestData *req_data = info->req_data;
	GIOStatus status;
	char buf[4096];
	size_t bytes_read;
	gs_free_error GError *error = NULL;

	status = g_io_channel_read_chars (source, buf, sizeof (buf)-1, &bytes_read, &error);
	switch (status) {
	case G_IO_STATUS_ERROR:
		req_data->channel_eventid = 0;
		applet_secrets_request_complete (req, NULL, error);
		applet_secrets_request_free (req);
		return FALSE;
	case G_IO_STATUS_EOF:
		req_data->channel_eventid = 0;
		if (req_data->pid == 0) {
			/* We now have both the childe respons and
			 * its exit status. Process it. */
			process_child_response (info);
		}
		return FALSE;
	case G_IO_STATUS_NORMAL:
		g_string_append_len (req_data->child_response, buf, bytes_read);
		break;
	default:
		/* What just happened... */
		g_return_val_if_reached (FALSE);
	}

	return TRUE;
}

/*****************************************************************************/

static void
_str_append (GString *str,
             const char *tag,
             const char *val)
{
	const char *s;
	gsize i;

	nm_assert (str);
	nm_assert (tag && tag[0]);
	nm_assert (val);

	g_string_append (str, tag);
	g_string_append_c (str, '=');

	s = strchr (val, '\n');
	if (s) {
		gs_free char *val2 = g_strdup (val);

		for (i = 0; val2[i]; i++) {
			if (val2[i] == '\n')
				val2[i] = ' ';
		}
		g_string_append (str, val2);
	} else
		g_string_append (str, val);
	g_string_append_c (str, '\n');
}

static char *
connection_to_data (NMConnection *connection,
                    gsize *out_length,
                    GError **error)
{
	NMSettingVpn *s_vpn;
	GString *buf;
	const char **keys;
	guint i, len;

	g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);

	s_vpn = nm_connection_get_setting_vpn (connection);
	if (!s_vpn) {
		g_set_error_literal (error,
		                     NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_FAILED,
		                     _("Connection had no VPN setting"));
		return NULL;
	}

	buf = g_string_new_len (NULL, 100);

	keys = nm_setting_vpn_get_data_keys (s_vpn, &len);
	for (i = 0; i < len; i++) {
		_str_append (buf, "DATA_KEY", keys[i]);
		_str_append (buf, "DATA_VAL", nm_setting_vpn_get_data_item (s_vpn, keys[i]));
	}
	nm_clear_g_free (&keys);

	keys = nm_setting_vpn_get_secret_keys (s_vpn, &len);
	for (i = 0; i < len; i++) {
		_str_append (buf, "SECRET_KEY", keys[i]);
		_str_append (buf, "SECRET_VAL", nm_setting_vpn_get_secret (s_vpn, keys[i]));
	}
	nm_clear_g_free (&keys);

	g_string_append (buf, "DONE\n\nQUIT\n\n");
	NM_SET_OUT (out_length, buf->len);
	return g_string_free (buf, FALSE);
}

/*****************************************************************************/

static gboolean
connection_to_fd (NMConnection *connection,
                  int fd,
                  GError **error)
{
	gs_free char *data = NULL;
	gsize data_len;
	gssize w;
	int errsv;

	data = connection_to_data (connection, &data_len, error);
	if (!data)
		return FALSE;

again:
	w = write (fd, data, data_len);
	if (w < 0) {
		errsv = errno;
		if (errsv == EINTR)
			goto again;
		g_set_error (error,
		             NM_SECRET_AGENT_ERROR,
		             NM_SECRET_AGENT_ERROR_FAILED,
		             _("Failed to write connection to VPN UI: %s (%d)"), g_strerror (errsv), errsv);
		return FALSE;
	}

	if ((gsize) w != data_len) {
		g_set_error_literal (error,
		                     NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_FAILED,
		                     _("Failed to write connection to VPN UI: incomplete write"));
		return FALSE;
	}

	return TRUE;
}

/*****************************************************************************/

static void
vpn_child_setup (gpointer user_data)
{
	/* We are in the child process at this point */
	pid_t pid = getpid ();
	setpgid (pid, pid);
}

static gboolean
auth_dialog_spawn (const char *con_id,
                   const char *con_uuid,
                   const char *const*hints,
                   const char *auth_dialog,
                   const char *service_type,
                   gboolean supports_hints,
                   gboolean external_ui_mode,
                   guint32 flags,
                   GPid *out_pid,
                   int *out_stdin,
                   int *out_stdout,
                   GError **error)
{
	gsize hints_len;
	gsize i, j;
	gs_free const char **argv = NULL;
	gs_free const char **envp = NULL;
	gsize environ_len;

	g_return_val_if_fail (con_id, FALSE);
	g_return_val_if_fail (con_uuid, FALSE);
	g_return_val_if_fail (auth_dialog, FALSE);
	g_return_val_if_fail (service_type, FALSE);
	g_return_val_if_fail (out_pid, FALSE);
	g_return_val_if_fail (out_stdin, FALSE);
	g_return_val_if_fail (out_stdout, FALSE);

	hints_len = NM_PTRARRAY_LEN (hints);
	argv = g_new (const char *, 11 + (2 * hints_len));
	i = 0;
	argv[i++] = auth_dialog;
	argv[i++] = "-u";
	argv[i++] = con_uuid;
	argv[i++] = "-n";
	argv[i++] = con_id;
	argv[i++] = "-s";
	argv[i++] = service_type;
	if (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
		argv[i++] = "-i";
	if (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW)
		argv[i++] = "-r";
	for (j = 0; supports_hints && (j < hints_len); j++) {
		argv[i++] = "-t";
		argv[i++] = hints[j];
	}
	if (external_ui_mode)
		argv[i++] = "--external-ui-mode";
	nm_assert (i <= 10 + (2 * hints_len));
	argv[i++] = NULL;

	environ_len = NM_PTRARRAY_LEN (environ);
	envp = g_new (const char *, environ_len + 1);
	memcpy (envp, environ, sizeof (const char *) * environ_len);
	for (i = 0, j = 0; i < environ_len; i++) {
		const char *e = environ[i];

		if (g_str_has_prefix (e, "G_MESSAGES_DEBUG=")) {
			/* skip this environment variable. We interact with the auth-dialog via stdout.
			 * G_MESSAGES_DEBUG may enable additional debugging messages from GTK. */
			continue;
		}
		envp[j++] = e;
	}
	envp[j] = NULL;

	if (!g_spawn_async_with_pipes (NULL,
	                               (char **) argv,
	                               (char **) envp,
	                               G_SPAWN_DO_NOT_REAP_CHILD,
	                               vpn_child_setup,
	                               NULL,
	                               out_pid,
	                               out_stdin,
	                               out_stdout,
	                               NULL,
	                               error))
		return FALSE;

	return TRUE;
}

/*****************************************************************************/

static gboolean
ensure_killed (gpointer data)
{
	pid_t pid = GPOINTER_TO_INT (data);

	kill (pid, SIGKILL);
	waitpid (pid, NULL, 0);
	return FALSE;
}

static void
dialog_response_destroy (GtkDialog *dialog, int response_id, gpointer user_data)
{
	gtk_widget_destroy (GTK_WIDGET (dialog));
	g_object_unref (dialog);
}

static void
free_vpn_secrets_info (SecretsRequest *req)
{

	RequestData *req_data;
	guint i;

	req_data = ((VpnSecretsInfo *) req)->req_data;

	if (!req_data)
		return;

	g_free (req_data->uuid);
	g_free (req_data->id);
	g_free (req_data->service_type);

	nm_clear_g_source (&req_data->watch_id);

	nm_clear_g_source (&req_data->channel_eventid);
	if (req_data->channel)
		g_io_channel_unref (req_data->channel);

	if (req_data->pid) {
		if (kill (req_data->pid, SIGTERM) == 0)
			g_timeout_add_seconds (2, ensure_killed, GINT_TO_POINTER (req_data->pid));
		else {
			kill (req_data->pid, SIGKILL);
			waitpid (req_data->pid, NULL, 0);
		}
	}

	if (req_data->child_response)
		g_string_free (req_data->child_response, TRUE);

	g_variant_builder_clear (&req_data->secrets_builder);

	if (req_data->eui_secrets) {
		for (i = 0; req_data->eui_secrets[i].name; i++) {
			g_free (req_data->eui_secrets[i].name);
			g_free (req_data->eui_secrets[i].label);
			g_free (req_data->eui_secrets[i].value);
		}
		g_free (req_data->eui_secrets);
	}

	if (req_data->dialog) {
		g_signal_handlers_disconnect_by_func (req_data->dialog,
		                                      external_ui_dialog_response,
		                                      req);
		g_signal_connect (req_data->dialog,
		                  "response",
		                  G_CALLBACK (dialog_response_destroy),
		                  NULL);
		req_data->dialog = NULL;
	}

	g_slice_free (RequestData, req_data);
}

gboolean
applet_vpn_request_get_secrets (SecretsRequest *req, GError **error)
{
	VpnSecretsInfo *info = (VpnSecretsInfo *) req;
	RequestData *req_data;
	NMSettingConnection *s_con;
	NMSettingVpn *s_vpn;
	const char *connection_type;
	const char *service_type;
	const char *auth_dialog;
	gs_unref_object NMVpnPluginInfo *plugin = NULL;
	int child_stdin;

	applet_secrets_request_set_free_func (req, free_vpn_secrets_info);

	s_con = nm_connection_get_setting_connection (req->connection);
	s_vpn = nm_connection_get_setting_vpn (req->connection);

	connection_type = nm_setting_connection_get_connection_type (s_con);
	g_return_val_if_fail (nm_streq0 (connection_type, NM_SETTING_VPN_SETTING_NAME), FALSE);

	service_type = nm_setting_vpn_get_service_type (s_vpn);
	g_return_val_if_fail (service_type, FALSE);

	plugin = nm_vpn_plugin_info_new_search_file (NULL, service_type);
	auth_dialog = plugin ? nm_vpn_plugin_info_get_auth_dialog (plugin) : NULL;
	if (!auth_dialog) {
		g_set_error (error,
		             NM_SECRET_AGENT_ERROR,
		             NM_SECRET_AGENT_ERROR_FAILED,
		             "Could not find the authentication dialog for VPN connection type '%s'",
		             service_type);
		return FALSE;
	}

	info->req_data = g_slice_new0 (RequestData);
	if (!info->req_data) {
		g_set_error_literal (error,
		                     NM_SECRET_AGENT_ERROR,
		                     NM_SECRET_AGENT_ERROR_FAILED,
		                     "Could not create VPN secrets request object");
		return FALSE;
	}
	req_data = info->req_data;

	g_variant_builder_init (&req_data->secrets_builder, G_VARIANT_TYPE ("a{ss}"));

	req_data->external_ui_mode = _nm_utils_ascii_str_to_bool (
		nm_vpn_plugin_info_lookup_property (plugin,
		                                    "GNOME",
		                                    "supports-external-ui-mode"),
		FALSE);

	if (!auth_dialog_spawn (nm_setting_connection_get_id (s_con),
	                        nm_setting_connection_get_uuid (s_con),
	                        (const char *const*) req->hints,
	                        auth_dialog,
	                        service_type,
	                        nm_vpn_plugin_info_supports_hints (plugin),
	                        req_data->external_ui_mode,
	                        req->flags,
	                        &req_data->pid,
	                        &child_stdin,
	                        &req_data->child_stdout,
	                        error))
		return FALSE;

	/* catch when child is reaped */
	req_data->watch_id = g_child_watch_add (req_data->pid, child_finished_cb, info);

	/* listen to what child has to say */
	req_data->channel = g_io_channel_unix_new (req_data->child_stdout);
	req_data->child_response = g_string_sized_new (4096);
	req_data->channel_eventid = g_io_add_watch (req_data->channel,
	                                            G_IO_IN  | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
	                                            child_stdout_data_cb,
	                                            info);

	if (!connection_to_fd (req->connection, child_stdin, error))
		return FALSE;
	close (child_stdin);

	g_io_channel_set_encoding (req_data->channel, NULL, NULL);

	/* Dump parts of the connection to the child */
	return TRUE;
}
